New Linux Flaw Enables Privilege Escalation on Major Distributions
Oct 04, 2023THNEndpoint Security / Vulnerability A new Linux security vulnerability dubbed Looney Tunables has been discovered in the GNU C library’s ld.so dynamic loader…
Category: TheHackerNews
PyTorch Models Vulnerable to Remote Code Execution via ShellTorch
Oct 03, 2023THNArtificial Intelligence / Cyber Threat Cybersecurity researchers have disclosed multiple critical security flaws in the TorchServe tool for serving and scaling PyTorch models…
Qualcomm Releases Patch for 3 new Zero-Days Under Active Exploitation
Oct 03, 2023THNZero Day / Vulnerability Chipmaker Qualcomm has released security updates to address 17 vulnerabilities in various components, while warning that three other zero-days…
Over 3 Dozen Data-Stealing Malicious npm Packages Found Targeting Developers
Oct 03, 2023THNSoftware Security / Hacking Nearly three dozen counterfeit packages have been discovered in the npm package repository that are designed to exfiltrate sensitive…
Protecting your IT infrastructure with Security Configuration Assessment (SCA)
Oct 03, 2023The Hacker NewsNetwork Security / XDR / SIEM Security Configuration Assessment (SCA) is critical to an organization’s cybersecurity strategy. SCA aims to discover…
API Security Trends 2023 – Have Organizations Improved their Security Posture?
Oct 03, 2023The Hacker NewsAPI Security / Data Security APIs, also known as application programming interfaces, serve as the backbone of modern software applications, enabling…
Researcher Reveals New Techniques to Bypass Cloudflare’s Firewall and DDoS Protection
Firewall and distributed denial-of-service (DDoS) attack prevention mechanisms in Cloudflare can be circumvented by exploiting gaps in cross-tenant security controls, defeating the very purpose of…
Arm Issues Patch for Mali GPU Kernel Driver Vulnerability Amidst Ongoing Exploitation
Oct 03, 2023THNCyber Attack / Vulnerability Arm has released security patches to contain a security flaw in the Mali GPU Kernel Driver that has come…
A Year-Long Web Skimming Campaign Targeting Online Payment Businesses
Oct 02, 2023THNWebb Security / Payment Security A financially motivated campaign has been targeting online payment businesses in the Asia Pacific, North America, and Latin…
Scattered Spider Getting SaaS-y in the Cloud
LUCR-3 overlaps with groups such as Scattered Spider, Oktapus, UNC3944, and STORM-0875 and is a financially motivated attacker that leverages the Identity Provider (IDP) as…
OpenRefine’s Zip Slip Vulnerability Could Let Attackers Execute Malicious Code
Oct 02, 2023THNVulnerability / Cyber Attack A high-severity security flaw has been disclosed in the open-source OpenRefine data cleanup and transformation tool that could result…
New Malware-as-a-Service Threat Emerges in the Cybercrime Underground
Oct 02, 2023THNCyber Threat / Malware Cybersecurity experts have discovered yet another malware-as-a-service (MaaS) threat called BunnyLoader that’s being advertised for sale on the cybercrime…